-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 03 Jul 2026 14:01:02 +0300 Source: rlottie Architecture: source Version: 0.1+dfsg-4.2+deb13u2 Distribution: trixie Urgency: medium Maintainer: Nicholas Guriev Changed-By: Nicholas Guriev Closes: 1138919 1138920 1139179 Changes: rlottie (0.1+dfsg-4.2+deb13u2) trixie; urgency=medium . * Fix off-by-one error in Fortify-FreeType-raster.patch. * Add Fixed-vpath-potential-issue.patch to fix CVE-2026-47319. (Closes: #1138919) * Add Limit-recursion-in-LOTLayerItem.patch to fix CVE-2026-47320. (Closes: #1138920) * New Fixed-signed-shift-issue.patch probably fixes CVE-2026-10305. (Closes: #1139179) * New Fix-heap-buffer-overflow-from-short-truncation.patch. Checksums-Sha1: 2d6d34ec26425e25ca8ce75eaf0733c8babe9611 1482 rlottie_0.1+dfsg-4.2+deb13u2.dsc 2048ccafc78b679e32bbac51e8343d233517f022 25084 rlottie_0.1+dfsg-4.2+deb13u2.debian.tar.xz Checksums-Sha256: 2453920630fbc30dcc3fc8a6c62a794d402059684b23cac12e90f345b2ab0a29 1482 rlottie_0.1+dfsg-4.2+deb13u2.dsc ee979833cb0021da21c6236ac1253ffabebe92a45a8e4dce1aec174433933458 25084 rlottie_0.1+dfsg-4.2+deb13u2.debian.tar.xz Files: 4704712a4bab37369ebd40d5a7f9b640 1482 libs optional rlottie_0.1+dfsg-4.2+deb13u2.dsc 88329d2e93a9f307f9ae7ef0200419dc 25084 libs optional rlottie_0.1+dfsg-4.2+deb13u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iIYEARYIAC4WIQQRm7llN8yxifaG60cF2qh9JI3wlQUCakeXmhAcZ3VyaWV2LW5z QHlhLnJ1AAoJEAXaqH0kjfCVhzIA/1+tVaHXC9fhLDF2N3EvUvDaMhL0Aeaykb87 fi/B+ISBAP4lA8WJARFhRJU5AaZ11WH21MJ0hPzdDaOy15oo1gwdDA== =IqB1 -----END PGP SIGNATURE-----